Authenticate users that are members of a specific group using the Java Naming (JNDI) library.
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
<%@ page import="java.util.*" %>
<%@ page import="javax.naming.*"%>
<%@ page import="javax.naming.ldap.*"%>
<%@ page import="javax.naming.directory.*"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head><title>AD Authentication</title></head>
<body>
<%
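// Authenticate the submitted username/password by binding to Active Directory
// as that user, then report whether the account is a member of one specific
// group. The strings marked "/** ... */" are deployment placeholders.
request.setCharacterEncoding("utf-8");
String uname = request.getParameter("username");
String passwd = request.getParameter("password");

// An LDAP simple bind with an empty password is an unauthenticated
// (anonymous) bind and is normally accepted by the server, so blank
// credentials must be rejected here instead of being handed to the directory.
if (uname == null || uname.trim().isEmpty() || passwd == null || passwd.isEmpty())
{
    out.println("Username and password are required");
}
else
{
    String ATTRIBUTE_FOR_USER = "sAMAccountName";
    String returnedAtts[] = { "sn", "givenName", "memberOf", "mail" };

    // Escape the user-supplied value per RFC 4515 before it is placed in the
    // filter; otherwise characters such as '*', '(' and ')' let the caller
    // change the meaning of the query (LDAP injection).
    StringBuilder escapedUser = new StringBuilder(uname.length());
    for (int i = 0; i < uname.length(); i++)
    {
        char c = uname.charAt(i);
        switch (c)
        {
            case '\\': escapedUser.append("\\5c"); break;
            case '*':  escapedUser.append("\\2a"); break;
            case '(':  escapedUser.append("\\28"); break;
            case ')':  escapedUser.append("\\29"); break;
            case '\0': escapedUser.append("\\00"); break;
            default:   escapedUser.append(c);
        }
    }
    String searchFilter = "(&(objectClass=user)(" + ATTRIBUTE_FOR_USER + "=" + escapedUser + "))";

    SearchControls searchCtls = new SearchControls();
    searchCtls.setReturningAttributes(returnedAtts);
    searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    String searchBase = "/** AD search base, eg: OU=ougroups, DC=blogger, DC=com */";
    // Configure this exactly as the directory returns it in memberOf, since it
    // is compared against whole DN values below.
    String groupDn = "/** AD group, eg: CN=grusers, OU=ougroups, DC=blogger, DC=com */";

    Hashtable<String, String> environment = new Hashtable<String, String>();
    environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    environment.put(Context.PROVIDER_URL, "/** ldap server and port, eg: ldap://7.7.7.7:389 */");
    environment.put(Context.SECURITY_AUTHENTICATION, "simple");
    environment.put(Context.SECURITY_PRINCIPAL, uname + "/** domain name, eg: @blogger.com */");
    environment.put(Context.SECURITY_CREDENTIALS, passwd);

    LdapContext ctxGC = null;
    try
    {
        // The bind itself is the password check: invalid credentials are
        // reported as AuthenticationException from this constructor.
        ctxGC = new InitialLdapContext(environment, null);
        NamingEnumeration<SearchResult> answer = ctxGC.search(searchBase, searchFilter, searchCtls);
        boolean found = false;
        try
        {
            while (answer.hasMore())
            {
                found = true;
                SearchResult sr = answer.next();
                Attributes attrs = sr.getAttributes();
                if (attrs == null)
                {
                    out.println("User has no attributes");
                    continue;
                }
                // memberOf is absent (null) for an account that is in no group,
                // which would otherwise throw a NullPointerException here.
                Attribute memberOf = attrs.get("memberOf");
                boolean isMember = false;
                if (memberOf != null)
                {
                    NamingEnumeration<?> groups = memberOf.getAll();
                    try
                    {
                        while (groups.hasMore())
                        {
                            String dn = String.valueOf(groups.next());
                            // Directory data is written into an HTML page, so escape it.
                            out.println("Member Of = " + dn.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;"));
                            // Compare whole DNs: a substring match would also accept any
                            // other group whose DN happens to contain the target string.
                            if (dn.equalsIgnoreCase(groupDn))
                            {
                                isMember = true;
                            }
                        }
                    }
                    finally
                    {
                        groups.close();
                    }
                }
                if (isMember)
                {
                    out.println("OK user is member of the group");
                }
                else
                {
                    out.println("No user is not member of the group");
                }
            }
        }
        finally
        {
            answer.close();
        }
        if (!found)
        {
            out.println("Search retrieve nothing");
        }
    }
    catch (AuthenticationException e)
    {
        // One message for both "unknown user" and "wrong password" so the page
        // does not confirm which usernames exist.
        out.println("Authentication failed");
    }
    catch (NamingException e)
    {
        // Keep the cause server-side; directory error text can expose
        // hostnames and DNs to the browser.
        application.log("LDAP authentication lookup failed", e);
        out.println("Just reporting error");
    }
    finally
    {
        // Release the directory connection even when the search throws.
        if (ctxGC != null)
        {
            try
            {
                ctxGC.close();
            }
            catch (NamingException ignored)
            {
                // nothing further can be done for this request once close fails
            }
        }
    }
}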
%>
</body>
</html>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
<%@ page import="java.util.*" %>
<%@ page import="javax.naming.*"%>
<%@ page import="javax.naming.ldap.*"%>
<%@ page import="javax.naming.directory.*"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head><title>AD Authentication</title></head>
<body>
<%
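// Authenticate the submitted username/password by binding to Active Directory
// as that user, then report whether the account is a member of one specific
// group. The strings marked "/** ... */" are deployment placeholders.
request.setCharacterEncoding("utf-8");
String uname = request.getParameter("username");
String passwd = request.getParameter("password");

// An LDAP simple bind with an empty password is an unauthenticated
// (anonymous) bind and is normally accepted by the server, so blank
// credentials must be rejected here instead of being handed to the directory.
if (uname == null || uname.trim().isEmpty() || passwd == null || passwd.isEmpty())
{
    out.println("Username and password are required");
}
else
{
    String ATTRIBUTE_FOR_USER = "sAMAccountName";
    String returnedAtts[] = { "sn", "givenName", "memberOf", "mail" };

    // Escape the user-supplied value per RFC 4515 before it is placed in the
    // filter; otherwise characters such as '*', '(' and ')' let the caller
    // change the meaning of the query (LDAP injection).
    StringBuilder escapedUser = new StringBuilder(uname.length());
    for (int i = 0; i < uname.length(); i++)
    {
        char c = uname.charAt(i);
        switch (c)
        {
            case '\\': escapedUser.append("\\5c"); break;
            case '*':  escapedUser.append("\\2a"); break;
            case '(':  escapedUser.append("\\28"); break;
            case ')':  escapedUser.append("\\29"); break;
            case '\0': escapedUser.append("\\00"); break;
            default:   escapedUser.append(c);
        }
    }
    String searchFilter = "(&(objectClass=user)(" + ATTRIBUTE_FOR_USER + "=" + escapedUser + "))";

    SearchControls searchCtls = new SearchControls();
    searchCtls.setReturningAttributes(returnedAtts);
    searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    String searchBase = "/** AD search base, eg: OU=ougroups, DC=blogger, DC=com */";
    // Configure this exactly as the directory returns it in memberOf, since it
    // is compared against whole DN values below.
    String groupDn = "/** AD group, eg: CN=grusers, OU=ougroups, DC=blogger, DC=com */";

    Hashtable<String, String> environment = new Hashtable<String, String>();
    environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    environment.put(Context.PROVIDER_URL, "/** ldap server and port, eg: ldap://7.7.7.7:389 */");
    environment.put(Context.SECURITY_AUTHENTICATION, "simple");
    environment.put(Context.SECURITY_PRINCIPAL, uname + "/** domain name, eg: @blogger.com */");
    environment.put(Context.SECURITY_CREDENTIALS, passwd);

    LdapContext ctxGC = null;
    try
    {
        // The bind itself is the password check: invalid credentials are
        // reported as AuthenticationException from this constructor.
        ctxGC = new InitialLdapContext(environment, null);
        NamingEnumeration<SearchResult> answer = ctxGC.search(searchBase, searchFilter, searchCtls);
        boolean found = false;
        try
        {
            while (answer.hasMore())
            {
                found = true;
                SearchResult sr = answer.next();
                Attributes attrs = sr.getAttributes();
                if (attrs == null)
                {
                    out.println("User has no attributes");
                    continue;
                }
                // memberOf is absent (null) for an account that is in no group,
                // which would otherwise throw a NullPointerException here.
                Attribute memberOf = attrs.get("memberOf");
                boolean isMember = false;
                if (memberOf != null)
                {
                    NamingEnumeration<?> groups = memberOf.getAll();
                    try
                    {
                        while (groups.hasMore())
                        {
                            String dn = String.valueOf(groups.next());
                            // Directory data is written into an HTML page, so escape it.
                            out.println("Member Of = " + dn.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;"));
                            // Compare whole DNs: a substring match would also accept any
                            // other group whose DN happens to contain the target string.
                            if (dn.equalsIgnoreCase(groupDn))
                            {
                                isMember = true;
                            }
                        }
                    }
                    finally
                    {
                        groups.close();
                    }
                }
                if (isMember)
                {
                    out.println("OK user is member of the group");
                }
                else
                {
                    out.println("No user is not member of the group");
                }
            }
        }
        finally
        {
            answer.close();
        }
        if (!found)
        {
            out.println("Search retrieve nothing");
        }
    }
    catch (AuthenticationException e)
    {
        // One message for both "unknown user" and "wrong password" so the page
        // does not confirm which usernames exist.
        out.println("Authentication failed");
    }
    catch (NamingException e)
    {
        // Keep the cause server-side; directory error text can expose
        // hostnames and DNs to the browser.
        application.log("LDAP authentication lookup failed", e);
        out.println("Just reporting error");
    }
    finally
    {
        // Release the directory connection even when the search throws.
        if (ctxGC != null)
        {
            try
            {
                ctxGC.close();
            }
            catch (NamingException ignored)
            {
                // nothing further can be done for this request once close fails
            }
        }
    }
}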
%>
</body>
</html>